We are trying to avoid a repeat of a situation that occurred this moring.

A users account was compromised and used to send a Phish email to all addresses in their address book.

One of these addresses was our helpdesk.

A confirmation notice then went from the helpdesk to everyone on the original address list. While the initial phish got blocked by most users spam filters the helpdesk one did not and many users where asking why we had sent them the phish email and had our helpdesk been hacked.

Is there a way we can block/reject/bounce inbound or outbound emails or notifications that contain more than a set number of recipients? This would help reduce the chances of this happening again.

Svend.